WiFi PSA

  • #61
    Originally posted by regexcellent View Post
    Don't let him get away with thinking that wireshark can sniff other people's wireless traffic.
    Wireshark can capture wireless packets in promiscuous mode. Just because you don't know how to do it, or even how to google how to do it, doesn't mean you can't.

    Your wifi card and driver do need to support monitor mode, though.

    And don't tell me this must be a new feature. I did this back when I was in college back when it was called Ethereal and we were rocking 802.11b.
    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
    Ben Kenobi: "That means I'm doing something right. "


    • #62
      My guess is all the wifi adapters he used weren't compatible. I know mine isn't. The option, as I recall, doesn't show up unless your card is compatible.

      That being said, promiscuous mode doesn't do you a whole lot of good if you are far away from the WAP. Chances are, you will get a lot of corrupted and missing packets.
      If there is no sound in space, how come you can hear the lasers?
      ){ :|:& };:


      • #63
        Originally posted by Asher View Post
        How this geek spent today during his vacation: Seeing if I could crack my neighbour's WPA2 wireless password and gain access to his network. Very educational - I learned all about 802.1x, EAPOL, etc. It was surprisingly easy with all of the free tools out there now. Knowing what I know now, I could probably crack 50% of people's WPA2 passwords in an hour or so (using some premium cloud compute services, though). The scariest part is - my neighbour had a really good password. Mixed case, 12 chars long, letters & numbers. He's also a senior systems administrator for a very large web-based company, so he knew his security stuff in general.

        The problem was it still was based on a dictionary word.

        If you care about your wireless security (and you should!), make sure you are using WPA2 (not WEP, which can be cracked in under a minute with the click of a button) and ensure that it's not based on dictionary words. It's only going to get easier to crack as computers become more powerful.
        Cracking WPA2 is so 2000 and late.
        To us, it is the BEAST.


        • #64
          I would double up not only using non-dictionary passwords but also using longer passwords in general.

          Jon Miller: MikeH speaks the truth
          Jon Miller: MikeH is a shockingly revolting dolt and a masturbatory urine-reeking sideshow freak whose word is as valuable as an aging cow paddy.
          We've got both kinds


          • #65
            At 200,000 guesses per second the time in the first example goes down to 22 mins.
            Jon Miller: MikeH speaks the truth
            Jon Miller: MikeH is a shockingly revolting dolt and a masturbatory urine-reeking sideshow freak whose word is as valuable as an aging cow paddy.
            We've got both kinds
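The point made in posts #63 to #65, as an added example that is not from any poster in this thread: a passphrase can be 12 characters of mixed case and digits and still have a small search space if it is a dictionary word with decoration. The word list, the leet table, the dictionary size of 100,000 and the 4 variants per word are constructed assumptions; only the 200,000 guesses per second figure comes from post #65.

```python
import re

GUESSES_PER_SEC = 200_000   # rate quoted in post #65
# Constructed stand-in for a real word list (assumption; load a full dictionary in practice).
WORDS = {"password", "sunshine", "mountain", "football", "dragon"}
# Constructed table undoing common swaps: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s.
LEET = str.maketrans("013457@$", "oieastas")
# (pattern, alphabet size) per character class, used for the brute-force estimate.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z0-9]", 32)]


def base_word(passphrase):
    """Return the dictionary word the passphrase is built on, or None."""
    # Drop the digit/symbol run that people prepend or append to a word.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", passphrase).lower()
    for candidate in (core, core.translate(LEET)):
        if candidate in WORDS:
            return candidate
    return None


def search_space(passphrase, dict_size=100_000, variants=4):
    """Estimated guesses needed to reach the passphrase under this model."""
    if base_word(passphrase) is None:
        # No base word: every position is independent over the classes in use.
        alphabet = sum(n for pattern, n in CLASSES if re.search(pattern, passphrase))
        return alphabet ** len(passphrase)
    # Word-based: choose a word, a case/swap variant, then the decoration around it.
    decoration = re.sub(r"[A-Za-z].*[A-Za-z]", "", passphrase, flags=re.S)
    per_char = 10 if decoration == "" or decoration.isdigit() else 42
    return dict_size * variants * sum(per_char ** k for k in range(len(decoration) + 1))


def hours_to_exhaust(passphrase):
    """Worst-case hours to cover the whole estimated search space."""
    return search_space(passphrase) / GUESSES_PER_SEC / 3600


if __name__ == "__main__":
    # Constructed sample passphrases, each 10 to 12 characters long.
    for sample in ("Mountain2013", "P@ssw0rd!!", "q7Rk2vXp9LmZ"):
        print(f"{sample:14} base={base_word(sample)!s:9} "
              f"guesses={search_space(sample):.3e} hours={hours_to_exhaust(sample):.3e}")
```
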


            • #66
              You would be surprised how many times I've managed to get onto other people's wifi with just the default password of admin.


              • #67
                I wouldn't.

                I've hacked into neighbor's wifi and gained access to their TiVo... recorded random shows... deleted the stuff they had saved.

                That's about as malicious as I'll get. Karma's a *****.
                To us, it is the BEAST.


                • #68
                  Originally posted by Sava View Post
                  Cracking WPA2 is so 2000 and late.
                  WPA is from 2003.
                  WPA2 is from 2004.
                  "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                  Ben Kenobi: "That means I'm doing something right. "


                  • #69
                    Originally posted by Asher View Post
                    How this geek spent today during his vacation: Seeing if I could crack my neighbour's WPA2 wireless password and gain access to his network. Very educational - I learned all about 802.1x, EAPOL, etc. It was surprisingly easy with all of the free tools out there now. Knowing what I know now, I could probably crack 50% of people's WPA2 passwords in an hour or so (using some premium cloud compute services, though). The scariest part is - my neighbour had a really good password. Mixed case, 12 chars long, letters & numbers. He's also a senior systems administrator for a very large web-based company, so he knew his security stuff in general.

                    The problem was it still was based on a dictionary word.

                    If you care about your wireless security (and you should!), make sure you are using WPA2 (not WEP, which can be cracked in under a minute with the click of a button) and ensure that it's not based on dictionary words. It's only going to get easier to crack as computers become more powerful.
                    Why should I care if someone can access my network?


                    • #70
                      For the most part, you probably shouldn't, at least if you're using encryption for the important stuff like email and financial transactions. Since gmail won't actually use http anymore and all the credit card companies require sites to use https, it doesn't really matter.
                      If there is no sound in space, how come you can hear the lasers?
                      ){ :|:& };:


                      • #71
                        Does this mean you're a stalker, peeping tom, or model citizen?

                        If it's the latter, where do I find my own password (assuming I got one)?


                        • #72
                          My password is pass12345

                          Seriously. I don't give a ****. Come at me, Asher
                          "Flutie was better than Kelly, Elway, Esiason and Cunningham." - Ben Kenobi
                          "I have nothing against Wilson, but he's nowhere near the same calibre of QB as Flutie. Flutie threw for 5k+ yards in the CFL." -Ben Kenobi


                          • #73
                            Originally posted by Hauldren Collider View Post
                            For the most part, you probably shouldn't, at least if you're using encryption for the important stuff like email and financial transactions. Since gmail won't actually use http anymore and all the credit card companies require sites to use https, it doesn't really matter.
                            You are implying SSL is invulnerable. It is not. Especially if you have access to the local network.

                            Last I checked, 90% of popular sites were vulnerable to decryption attacks.
                            "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                            Ben Kenobi: "That means I'm doing something right. "


                            • #74
                              Asher, SSL is essentially invulnerable, particularly if you have a signed certificate. I challenge you to decrypt gmail.com or bankofamerica.com if you disagree.
                              If there is no sound in space, how come you can hear the lasers?
                              ){ :|:& };:


                              • #75



                                90% of popular SSL sites vulnerable to exploits, researchers find
                                90 percent of SSL sites are vulnerable to attacks that subvert the protection.

                                Less than 10 percent of the most popular websites offering Secure Socket Layer protection are hardened against known attacks that could allow hackers to decrypt or tamper with encrypted traffic, researchers said Thursday.

                                The grim figure was generated by SSL Pulse, a website that monitors the effectiveness of the 200,000 most popular websites that use SSL, also known as Transport Layer Security, to protect e-mail and other sensitive data from being snooped on while in transit. The product of a group of SSL experts from Google, Twitter, PayPal, Qualys and other firms, SSL Pulse systematically scans all subdomains of the top-ranked sites as measured by Alexa for pages that use the protocol to prevent man-in-the-middle eavesdropping. By examining the top 200,000 SSL-enabled sites, the researchers aim to give a snapshot of the overall health of SSL protection, which is offered by an estimated 1.5 million sites in total.

                                Out of the 200,000 sites examined, only 19,024 were configured to withstand an attack discovered in 2009 that allows attackers to inject data into encrypted traffic passing between two endpoints. The vulnerability resides in the SSL protocol itself and can be exploited by renegotiating the protected session, something that often happens to generate a new cryptographic key. Just a few weeks after the bug was discovered, a Turkish grad student showed how it allowed him to steal Twitter login credentials that passed through encrypted data streams.

                                ...


                                It must be nice to be incessantly naive.
                                "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                                Ben Kenobi: "That means I'm doing something right. "
